Advanced Ethical Hacking - Web Application Testing Tutorial

Browser Plugins with Chrome

As we start doing web application testing, there's actually a number of things you can do inside your browser without having to rely on external tools. And there's actually a lot of use here because you're going to end up needing to do a lot of manual checking And maybe doing some follow up tests in addition to some of the automated tools.

So, there are different extensions or plugins you can get for different browsers. And I'm going to start with Chrome here, and we're going to take a look at the extensions that Chrome has available.

So, I'm doing this on a Mac at the moment. The extensions for Chrome are really supported across The different platforms. So, in this case, I don't actually have any extensions on here.

And, I want to go browse the gallery and that's going to bring me up to the web store for Chrome so I can take a look at the extensions. And you can see the extensions over here on the left and there are a couple of places to go. I want to start with is developer tools.

And there are some interesting plugins very useful. The Web Developer plugin, for example, Gives us some different capabilities that more have to do with actually how pages look but, you may want to use some of those tools, and there are some others. Firebug Lite, for example, gives us the ability to do a lot of deep digging into actually What the page does and how it's put together so we can look at the document object model, we can look at the job.

We can actually do some interacting with it. So if I want to actually install it, I just do add the Chrome and it's going to do an ad here and we're going to go. Download the plugin, and then it's going to do an install, and you'll see I've actually got a little bug up here, where I can make use of that. And we'll take a look at actually using some of these tools a little bit later on. Going back to the Web store, though. There are a number of other tools that are really useful to use inside of chrome specifically.

So you may want to look at At XML in a more user-friendly way if you're dealing with a web application that does XML that's one that you can do. This one gives you the performance of the web application so if the test that you're doing you're concerned about the speed or usefulness of the application, you could make use of. That plugin. There are plugins here to be able to do a ping, a traceroute and check on DNS blackhole lists here. This is a tool that you can use to determine what technologies are actually used on websites.

So you can figure out what the content management system is if it's not immediately obvious based on Banners and page names. Wappalyzer will actually help you figure out whether you're running Drupal or whether you're running WordPress or whether you're running something else. And you can see whether PHP works. And various other technologies that run on the web server on the website itself. So you can use Wappalyzer for that.

So there's a lot of different extensions that you can install into Chrome that give you a lot of capability and we'll take a look at. [ The capabilities, specifically in a different video here but I want to give you a sense of what's available. There are also some under productivity you may want to look at. Of course, if you're interested in Extensions that don't relate to ethical hacking or penetration testing. There's certainly a lot of other extensions that are there.

But there are some pretty good extensions for Chrome, and as I said, there's a lot of extensions for Firefox in order to be able to do some of this stuff. And we'll take a look at those next.

Browser Plugins with Firefox

So we've looked at plugins for Google Chrome at this point. And then I want to take a look at some plugins for Firefox as well.

So, Firefox has a long history of add-ons, they've been doing them for quite a while. And there's a pretty rich set of Add-on, a capability that exists from various developers around the world. So I need to go to, you saw I went to tools and add-ons, and now I am at the page that shows the add-ons manager.

What I want to do is go to basically the add-ons store and be able to look at the different add-ons that we've got available. Actually, what I want to do is look at extensions specifically, although there are various appearance-related add-ons as well. So, what I want to do Is, I'm actually going to do some searches for some add-ons here. And the first one I want to look at is Tamper Data.

So, we found Tamper Data here, and I'm going to install it now.

And we're going to download and install that, and there are some other ones that I want to look at as well. So Greasemonkey is another one. And Greasemonkey as you can see gives us the ability to change the way A webpage displays or behaves by using little bits of JavaScript. So I want to install a Greasemonkey, and that gives us the ability to actually add on some different user scripts that can do some different things. The other thing I want to do Is one called Firebug.

And Firebug gives us some debugging information about the page itself. And gives us some capabilities to look at some different things inside the page. In a different way then maybe you could get with just looking at the source. There's another one that's useful called HackBar. And that gives us the ability to quickly and easily do some decoding of Bay 64 for example. Or it gives us the ability to do some other types of decodes.

So we can install that. Now there are a number of others, and if you just kind of do some searches, you could do some basic searches like security for example, you'll find a variety of plugins that are available. We could also look for XSS to do some cross-site scripting testing. Here's XSS Me.

So, I could install that. And that will do some automated cross-site scripting testing. And here's another one that gives us the ability to just do some quick checking inside individual text boxes so I could also do some looking for sequel based ones that here's one for sequel inject Attacks, or sequel injection attacks.

And this will do some quick and dirty sequel injection testing for you in a way that it will run through some basic ones, so you don't have to sit there and type over and over and over again. So that cut some of the work out of doing web application testing.

So, we've got a whole bunch of plugins here, and we'll take a look at how some of them work in upcoming videos.

Tamperdata

So at this point, we have actually acquired some plugins for our browsers and I want to walk through using those different plugins here. So I'm going to bring up a webpage first and We'll just take a look at how you could go about using the tool tamper data and just some basics.

So I am in Firefox, which is where tamper data works best, although you can get versions of it for some of the other browsers. This is really where it works the best. So I've got tamper data. And I go to tools tamper data and we bring up a window here.

And I've got a little button that says start tamper and so I'm going to do a start tamper. And what starts tamper does is it's going to start intercepting requests that go in, and out of the browser So for example, if I click here to play this guess num game, it's going to ask me if I want to tamper with this request.

So if I click Tamper, it gives me the headers. And in this case, there are no parameters, because we're not actually doing any form information. So I've got This set of headers and with this, I can actually manipulate the headers after they've been generated by the browser but before they actually go to the server itself. So I could change the user again for example. I could actually remove the reference altogether. So let me do that and send it on its way.

And so now we get back to a different page here. And just to show you a little something extra here, let me click on Play after I've put in my name. So again, we're going to get asked if we want to tamper with the request, and I'm going to say yes. And again, I get the set of header names here. Now one thing that we didn't see on the page is this other parameter. And the parameter is called admin and you can see that it's actually set to n. So what I could do here, Before sending it on to the server, but after the browser itself has processed it, is making a change to that particular parameter. So I can change that parameter there And click okay.

And we're going to send it off to the server, and we're going to get the image back. And now it brings us into the guess num game. But you can see with data, I can actually do a lot of manipulation of the different parameters and header fields that are in each web request. On top of that, I get the ability to look at the requests after they've gone through. So if I'm doing some checking on a web page, for example. And, I discover something's happened, but I need to go back through the history.

All I got to do is find the particular request. Either using a filter or just clicking through. For example, here I've got. A half dozen request so it's pretty easy to just click through all of them and see what each one was, and you can see the method right here as they get, and we've got the URL over here if we pop this open a little bit. Make the window larger. I can actually see what the URL is.

So I've got the URL there. And again we've got the headers down here, and what I've got here is something you would deal with tamper data is that the browser's actually doing a lot of stuff underneath the hood. So it's checking or updates, it's doing safe browsing things, and a bunch of other stuff. So you'll see those from time to time when. You're actually using tamper data and you've got tamper turned on. Right now I'm going to stop the tamper.

But you can see I've got all of the requests and I can see exactly what was done here. So I've got the headers for the request and then I've got the response headers over here as well. So we can see what we got back from the server. So that's how you would use tamper data. And we'll look at actually doing some useful and interesting things with Tamper Data coming up.

Performing Injections with Tamperdata

We've got Tamper Data now and there are a number of different things that we can do with Tamper Data. And we're going to take a look at some of them here. So, let me clear those out and I want to start a Tamper and. I just throw in something here. So, I'm going to do an LS and see whether we can actually do some command injection. So it looks like it's done some Manipulation of the perimeter here. So I'm going to, I'm going to change this back. So what happened was there was some javascript after this particular field right here, and once I hit submit the javascript kicked in.

So What I can do is do some changes after the different fields have been tampered with by JavaScript. I can tamper back and, do a submit, and it looks like that didn't actually work. But you can see that We've got some ability to do a little playing around with what's going on. So, if I were to do maybe this, for example.

We're going to submit that and we're going to tamper. And I'm going to change that back over to the semicolon. And I see the cookie over here, set to high. I actually want to set it to low. Just in case that flag actually has anything to do with anything at all. So it doesn't like the fact that I put a semicolon in there either. So, there's actually some JavaScript going on, however. And with tampered data, I get the ability to play around with the requests after the JavaScript has done all of its manipulations.

So I can make changes to cookies, I can make changes to parameters, and there are a number of other things that I can do using Tamper Data that may allow me to interfere with the functionality of the site in some way. So Tamper data's got a lot of usefulness as we're doing web application testing.

Cookie Data with Tamperdata

We've got tamper data and we've been using tamper data to take a look at various things as we have submitted forms and so on. I want to take a look at something a little bit more specific now.

So, I've got Amazon up here and I just want to look at Some request and so I'm just going to type this in. And what I really want to look at here, is looking at cookie data. So I'm going to say yes. And now I want to hit Tamper. And I'm going to tamper with that and So now you can see we've actually got a cookie here.

So that's a lot of data. I'm going to copy that out, and I'm going to go into a text editor program here. Just so that I can actually see the whole thing, rather than Having to work inside this tiny little box. And let me actually do a new one, a new text document. So I've got a very large cookie string here. And let's go to the very beginning of this and see what we've actually got for parameters being saved.

So looks like that's the session token there. And I'm going to scroll all the way back here. We've got a session ID and it looks like a session ID time. So you can see there's a lot of cookie data that's being stored here and what I may want to do is I'm doing testing here is I may actually want to do something like removing one of these cookies as an example. So let's take a look at doing just the session ID forward. Now if I had a session token that were vulnerable here as an example, What I may be able to do is I may be able to, and this sometimes works, is if the session cookie isn't tied to a particular system in any way, what you may be able to do Is copy the session ID off from one system and use it on a different system.

So, I'm actually going to get rid of this at this point and now I'm going to paste the new one in there. Now, I'm going to just submit that. And in this case, we just get a response back. But you can see what we've got here is the ability to potentially change session ID.

And in doing that, what I may be able to do is grab hold of somebody else's session, or I may be able to cause some problems on the server. Where it may not actually be able to handle bogus session IDs. So what I could also do here is if I were to start a tamper and let's just take a look at that.

We're going to tamper there and we're going to tamper. And what happens if we remove the whole cookie at this point? And then we remove the whole cookie again. And I want to tamper with these subsequent ones And I'm going to remove the cookie. And see what we actually get when we submit a request without any cookie whatsoever. And it actually looks like what's happening is it keeps sending the request back. And I'm going to abort the double-click message here and let's tamper with this one, and tamper with this one, and you can see we seem to be stuck a little bit at this point because it doesn't have a cookie to work with. And I'm going to get rid of that one. And I'm going to get rid of that one.

And it looks like we're just going to keep doing this. As you can see with being able to manipulate cookies, there are a lot of different things that we could actually do with being able to alter cookies using tamper data. [00:04:38] And actually, it's brought up the page at this point. And it did make a lot of requests and of course, there is a lot of components on the page, but keeps asking for additional information here. And we keep dropping the cookie. And doesn't seem to be having any effect on the server. [00:04:59] So. It may not be all that interesting in that respect. What I may also be able to do is just change the cookie information to something bogus and see how we actually respond there.

But really the bottom line is that you can use tamper data to very easily see. What we've got for cookies, and you could actually do some testing on those cookies and see, for example, how random they are. Maybe there's actually a pattern to them. So, you could use something To do some testing against ramness, or maybe there are some fields that would jump out to you. Or you could do a bay 64 decode on some cookies and see if there's actually text in the cookies that jumps out to you.

So, lots of different things that we could do with cookies, and tamper data allows us to do those sorts of things.

SQL Inject Me

I want to take a look at a plugin now called SQL Inject Me. SQL Inject Me is a tool that hopefully will give us a bit of a leg up on being able to quickly determine some fields that may be more likely than others To provide us with some results with cross-site scripting attacks.

So there are a number of things that I can do here. I can change the password field, and I could select a particular type of cross-site scripting attack. So I selected this one. And I'm going to plug it into the password field by just hitting enter here. It fills that password field in with all of this data. Now I can just check the form by clicking the login button. So, I can do that with the username. And change all of the values one at a time, or I could simply do, test all forms with topic tacks.

Now it's going to run through and give me some results quickly based on running all of the tests on those two fields, and. Give us some information about whether it looks like we may be able to get some success in these two fields on this form. So it looks like there may be some possibilities with the login field. [00:01:33] And being able to maybe exploit that by using a SQL injection attack and we've gotten some results here with the tested values that we may be able to make use of and go a little bit further with that. So you can see that we quickly narrowed down the possibilities here.

So we didn't get anywhere with the username or password or login field. What this is, is they found an unnamed field that they were able to do some testing with and find some Areas where they got some responses back. So, in this case, there are 302s that were found, so we may or may not be able to do much of anything with that, but it does suggest that we got some results from these particular tested values.

So again, it's not one of those. Cases where SQL Inject Me is going to do the actual exploiting for you and just hand you all of the data. What it's going to do is short circuit some of the testing by doing the grunt work in an automated fashion. And give us some pointers so that we can actually focus our Testing in particular directions, so hopefully that will save us some time, particularly in cases where we've got a large site to test we may be able to use something like SQL Inject Me to save us some time. So that we can narrow our focus to areas that may give us more results than other areas.

XSS Me

We're going to look at a plugin called XSS-Me at this point, and what XSS-Me does is it gives us the ability to take some of the tedium out of doing cross-site scripting.

So cross-site scripting, there are a lot of Ways of doing a cross-site scripting attack. Lots of permutations, lots of different ways of structuring the data and reformatting it so that we can get around various web application firewalls, for example. So what I want to do here is bring up the XSS ME. A sidebar in FireFox, and there's some different things that I can do here. One of the things is I could just do some changes to a particular field here. So, I've got a Field on my page. And I can select a particular type of attack.

Once I've selected the attack that I actually want to try, I just hit enter here in this box, and it pops it up into the field that I want to check. So I can Now just click the submit button there. And now I've just tested that particular field, for that particular type of attack. Now going through those There's some value in not having to do all of the typing of course. But what I may want to do is just test all of the forms.

So I can test all forms with top attacks and that's going to check all of the forms in all of the fields. On that particular page with the various types of cross-site scripting attacks that XSS knows about. So it's going to run all of the tests for me in an automated fashion. Now Automated attacks or automated testing isn't really all there is to it. I can't just run this XSS Me and say hey guess what I've done some cross-site scripting. It's still going to take some manual checking on the other end but what this does is it gives me some pointers. Into some fields on the page that may present me with more opportunities than others.

So for example, this field right here suggests that there maybe some possibility with this field to do some cross side scripting.

Now, I can't just trust the result because it's really just doing a blind look for Some piece of data in the response, which doesn't guarantee that the page is open to cross-site scripting. But it does give me some shortcuts in terms of Being able to quickly eliminate some fields that probably don't give us a lot of opportunity for attack. So we've got some narrowing down of the. Attack vectors on a particular page, and certainly there's some value to that, particularly with how quickly it ran through all of those tests.

So, we can quickly eliminate some fields and maybe get pointers to other fields on a page. That are going to give us more results maybe more quickly.

Firebug

Another tool that we can use that's really helpful, not only is it really helpful, but it's also very extensible, is a tool called Firebug. And what I can do here is just go to a website. And there's a particular reason I've actually picked Drupal And that's because we've actually got a plugin for Drupal and I've got it installed here. So in order to get to Firebug I right click on something on the page.

And in this case I'm just going to pick a link and I'm going to say inspect element with Firebug. Now what Firebug is going to do is it's going to pop up a window down below, it's going to show me the HTML. From the page, so we've got the page source. And it's going to show me exactly where in the HTML that particular element is located. So this gives us a quick and easy way of locating particular elements within a page.

So, I've also got a Drupal plug-in here and it actually says there's no Drupal data. That was found. So even though we're on Droople, the Droople for Firebug module may not be functioning correctly, but that's one that's there. And there are a number of other plug ins that you can get for Firebug as well. So Flash for example, if There's flash on the page, Firebug can help you with doing the flash. So we've also got some information here on the cascading style sheet, so I've got all of that. I can do.

Changes to how the cascading style sheet is represented. I can take a look at the document object model. So, I can see all of the elements in the document object model and see what their current state is and what is going on. With the document object model. So here's another link here for cascading style sheets and we can take a look at scripting as well. So there's a lot of Useful information that you can quickly and easily find within an individual page using firebug. And, it gives us the ability to have a developer's view. Of what's going on, on a particular page.

So we could take a look at for example -. Another one would be WordPress maybe and I want to look at this element with Firebug. So I want to bring that one up and you can see again we've got an input here. And we've got some parameters within this particular input type. So in a pretty complex piece of HTML, with all sorts of sections and divisions, it's actually organized it pretty well for us. So that we can easily find the elements that we want to see what's really going on. So we can see all of the input types, for example, and find out what they're called, what other parameters are there. So auto-capitalize and auto-correct are both off in this case.

And we've got A class with a link here, to do some popping over to the lost password function within WordPress. So, there's all sorts of information that you can get within Firebug, and as I said, there's a number of plugins. That you can get as well. So if you want to be able to do some more digging into the source and be able to see all of the source in an easy to read way so that you can get more information about the page and maybe get some insights into how to go about Doing after the page so maybe finding hidden inputs, for example, easily and quickly. Coz you know a lot of pages are actually sent in a way that makes it really difficult to read.

So Firebug actually helps us out with some of that by organizing it and making it easier to find elements within a page

Hackbar

What I want to take a look at right now is actually a toolbar that we can use with Firefox. So in order to use this toolbar, I have to go up to View > Toolbars This, and then I'm going to select HackBar.

Now HackBar isn't something that you're going to use to just hack into pages. What it's going to do is it's going to give you some shortcuts to information. So, let me Do this, for example, I'm going to just select some data and I'm going to paste it into this box up here. So one of the handy things that HackBar gives you, is the ability to quickly encode and decode data in particular formats.

So right here I've got a Base64 So I can base 64 encode that string, and then of course I can base 64 decode it. So if you're working with a page and you're seeing data, whether in parameters or in headers or something like that, you can open up HackBar. And plug that data in here, and then quickly decode it. So you can actually see what's going on. I can also do things like Hex encoding. So, this is all Hex encoded now. That same string, this is now. In hexadecimal form. So i can similarly do Hex to Characters and come back to the original string that I've got.

Now, you'll see in addition to encoding there's an Other menu here, so I could add slashes for example. I actually have to select the string. And then I can add slashes, or I could strip slashes or strip spaces. So if I did that, I could take all of the spaces out, but just helps us with different formatting that is going on.

So, I've got the ability to do some MD5 hashing that would give me the MD5 Hash of the data. I can do some simple MYSQL. So for example, that would be the character for MYSQL. It's actually done the conversion there for us. I could do things like basic info column here and that's given me some, Actual sequel statements that I may be able to use. So similarly for MS Sequel and Oracle, it's got information that I may be able to use just for shortcuts as I'm going through here. So Cross-site Scripting, I could do string from character code. I could do HTML Characters.

So, we've converted everything there to HTML Characters. If you wanted, for example, to do something like a classic trying to do a cross-site scripting thing here, where we just did an alert box. Now I select all of this, and I can use this to convert all of that to HTML characters.

So now if the page actually isn't paying attention to the conversion, I may be able to use this to do some cross-site scripting. So I can take that out and for example just plug it in there And do a go. And I'm not actually getting anything back, which doesn't really surprise me, but I can do the different conversions up in this box, here, and then just quickly and easily plug them into the pages that I'm testing down below. So the hack bar actually gives us some shortcuts for doing data manipulation so that we can do our testing inside the web application may be more efficiently and more quickly.

Wappalyzer

Then we continue to look at some of the various plug-ins that we've downloaded and installed into the browser here. So right now I want to take a look at a plug-in called Webalizer. Now Webalizer is a tool that will give you information about the web application That's actually running. So, we can take a look at the server type and different frameworks that may be in use.

Right here, I'm going to bring up Wappalyzer. And we can see they're using comScore and jQuery, and those are in use on the page Actually, they're using Webtrends as well and right here you can see that apparently on this page they're using Microsoft ASP.NET 4.0.30319. It's running on IIS and running Windows Server. So that's a fairly detailed amount of information. That we're getting from Wappalyzer here on the Microsoft support site.

Now Web 2,0 actually has given us a lot of content management systems and frameworks for doing different things. And WordPress happens to be one of them. A lot of sites actually are being created in WordPress and it's not as much a blogging site anymore. So, it's been called a content management system, but historically it's actually been used For purposes of putting blogs up, weblogs up.

But now we're creating content in it and it's being used for business purposes. So let's take a look at Wappalyzer. On the Word Press site and see what we've got here. So it looks like there's a JavaScript framework called Modernizr being used. There is the Google Font API and right here of course we have identified Word Press. As the content management system and it's using PHP. On top of that, it's being run on an Nginx server.

And so, there's a lot of information here that we can find about the different frameworks and the different technologies that are being used on this particular site. So another. Content management system that gets used a lot is Joomla. And so we can take a look at Joomla here just to see what we can find about the technologies that are in use there. So we've got Google Analytics, we've got MooTools, Joomla, PHP and we're running Apache.

So why is all of this useful? Well all of the software here has potential vulnerabilities in it, and if you find the vulnerabilities that exist in these different tools and frameworks then you may find a way of. Exploiting the web server, or the web services in a way that gets you access to something just beyond what here in front of you. So, these tools are really useful. And Wappalyzer will take a lot of the manual work out of looking for all of this information.

So, you could go digging through the source code, you could do the scanning, you could do all of the work yourself, or you could just use a tool like Wappalyzer and find all of this information pretty quickly and easily just by clicking In the address bar here, where Wappalyzer shows you all of the information that it's got.

Passiverecon

Another tool that I want to take a look at quickly with you is one that's called passive recon or passive cache. Now, what this tool actually gives you the ability to do, again, this isn't really particularly Earth-shattering, but it does Provide a shortcut for doing some research. So in this case what passive cash gives me the ability do is it gives me the ability to quickly do a look up in the Wayback Machine or in Google to find older versions of the page.

From those older versions, I may be able to find out some information that is now hidden. So maybe some contact information or something else that may give me some insight into a way into the page. So I could do a PassiveCache Google and it's going to give me the Google cache. Version of the page.

So you can see right up top here. It says, this is Google's cash of that particular page. So, I can also, if I just right click on the link, I can say passive cash archive this link, and that's going to look it up in the internet archive Wayback Machine.

So the Wayback Machine does snapshots of Pages of sites on the internet, so that we can actually go back and look historically at how the site has changed. So you can see we can go back a number of years here. And. This just gives us a way of quickly getting to this archive here.

So again, it's not one of those things, necessarily, that is going to be earth-shattering. It's not something you couldn't do yourself. It's just a way of Quickly going to these particular sites to find historical versions so that we can actually take a look at them.

Now we can also with PassiveRecon look up information about DNS for example so that I could do DNS information about this particular site. So I come over here, we're using a service called Robtex, and again, you could come to the site yourself and plug the information in.

But having the ability to just click and go to It is really helpful so we can do a numeration using Netcraft to figure out historically what has been going on with the server type that's in use. We can look up IP information. We can do who is. We can do email to figure out what the records are. So there is a lot of things that we can do very quickly using passive recon or passive cash. So here is actually something that does some Google hacking for us.

So we can do a search for Microsoft Excel And find the file types on this particular site. So we can look for Excel documents on this particular site. Again, it's something you can easily do with Google. If you know the Google hacking keywords, you can quickly and easily do that. But again this is something that you can just right click and be able to pop up a new page with the information for you without having to do a lot of typing.

It's just a time saver more than anything else. But it can be very valuable If you are doing a limited term engagement, you can quickly and easily make a couple of clicks and find different pieces of information that you may need that may get you a little bit further in the site that you're testing.

Groundspeed

So we're going to take a look at another plug in that's been installed in Firefox. And this plug in is one that's called Ground Speed.

Now, I've just got a web page up here. In this case, it's a page that comes with Damn Vulnerable Web App, which is a good Framework for looking at different web vulnerabilities and helping to understand how they work and figuring out how to exploit them. I've just got this up here so we can take a look at some things quickly. So I want to launch GroundSpeed, we go up to the tools menu and just click on GroundSpeed.

Now what GroundSpeed gives us the ability to do Is look at the components to a particular webpage and a web interface. So right here I've got a form that doesn't actually have a name and we've got a couple of attributes here. So there's a Method that's being used called get, and the action is just pound, which suggests that there is something inside the page that's actually handling the action for us. So, we've got an IED here, which is the form element, and in this case it's an edit box. Or an input box.

And the other form element that we've got is the submit button. And that's right there. So, you notice when I click on these different elements, Groundspeed will actually highlight them on the page for me. So, there's my submit button. And, in this case, we see the attributes here. The name is ID and the type is a text box or just text. So same with the submit button. If I click the submit button there I get submit, submit, submit.

Now this isn't particularly interesting on this page. Because we can see all of these elements. And if we looked at the code, we could figure it all out. It would probably be pretty easy. On more complex pages though, or in cases where there were hidden inputs, so for example, if I were to go back to the Microsoft support site that we were looking at previously, then I've got the form here and we noticed this actually has a name and its a form.

Here's the ID text field which appears to be hidden and we've got another one called mode and there are some check boxes here, we can see all of those and it will highlight them for us. And there are some radio buttons. And if I scroll down and over. They don't actually appear to be on the page that I can find to highlight them. Which means they're under the options button that was hidden. So now I know where all of those are as well. So again, we've got all of the attributes here.

And the values that we could actually implement. So now I know what the values are. And again, I could get this by looking at the page source, but having the ability to Just see it right here in front of me and be able to interact with it easily really is helpful, because it gives me a shortcut to getting this information together. And having these values here In the case of this radio button, so I've got the value right there. Then that gives me the ability to maybe figure out how I might be able to manipulate that value, using something like tampered data.